Slower PC HJT Log

[dorts]

I just want to confirm that your computer is clean.

Do this scan.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and click Start to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

How is your system behaving now?

[steviedee]

PC is running fine, very fast and responsive

Dr WebScan:

VSAdd-in.dll;F:\Program Files\VSAdd-in;Adware.TopSearch;Incurable.Moved.;
A0008439.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP27;Trojan.Virtumod;Deleted.;
A0008444.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP27;Trojan.Popuper;Deleted.;
A0008459.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP28;Trojan.Popuper;Deleted.;
A0008486.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29;Trojan.Popuper;Deleted.;
A0008666.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP33;Trojan.Popuper;Deleted.;
A0008678.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP33;Adware.TopSearch;Incurable.Moved.;
A0008728.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP33;Trojan.Popuper;Deleted.;
A0008740.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP33;Trojan.Popuper;Deleted.;
A0008756.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP33;Trojan.Popuper;Deleted.;
A0008980.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Trojan.Popuper;Deleted.;
A0008996.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Trojan.Popuper;Deleted.;
A0008997.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Trojan.Popuper;Deleted.;
A0008999.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Adware.Lucky;Incurable.Moved.;
A0009010.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Trojan.Virtumod;Deleted.;
A0009011.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39;Trojan.Juan;Deleted.;
A0010573.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP43;Tool.Prockill;Incurable.Moved.;
A0010575.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP43;Tool.ShutDown.11;Incurable.Moved.;
A0010610.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP44;Adware.TopSearch;Incurable.Moved.;
A0010611.exe;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP44;Adware.TopSearch;Incurable.Moved.;
A0010614.dll;F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP44;Trojan.Virtumod;Deleted.;

[dorts]

Hello and welcome back to TSF

Uninstall

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

• VSAdd-in

Files and Folders Deletion

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.


F:\Program Files\VSAdd-in


Other than that, you're clean! Do you have any other problems? If not, you are set to go!

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
• Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial
  
  If you do not have a firewall, here are 4 free ones available for personal use:
  
  • ZoneAlarm
  • Avast Antivirus/Firewall
  • Tiny Personal Firewall
  • OutPost Firewall

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

As well as a great article written by our fellow Security Analyst, Glaswegian.
PC Safety & Security - What Do I Need?.


If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.


Please respond to this thread one more time so we can mark this thread as resolved.

Please also consider donating to TSF to keep this site free for all.

[steviedee]

Done!

thanks very much, by the looks an feel of it my pc is malware clean.

I have other issues which i listed before, and also one other which i have written a post about regarding computer games and lagging keyboard which i cant figure out:S

so if u wish to shed your knowledge on the subject feel free :D

but thankyou

Steviedee>>>